The New Definition of Global Risk Will Require a New Security Industry

by Dan Dunkel - President, New Era Associates

Published in Today's Systems Integrator

I believe strongly that by reviewing the history of the IT industry we can better position our businesses and careers for the future. It is with this historical perspective in mind that I want to review some fundamental changes that have occurred in the security industry, and why I believe these societal and global forces will forever alter the shape of what security means and does.

After 9/11, many people in the traditional security industry expected a huge windfall in security product purchases. While there was a measurable upswing, sales of security gear and consulting did not go through the roof. However, the events of 9/11 took longer to actually sink in to our respective mindsets. In that tragic event, the meaning of what we thought security was changed forever. Security responsibilities took on a wider scope. While the IT companies were faster to recognize this change and its impact on global infrastructure and consulting revenues, something more fundamental was at hand.Upon reconnecting this year, Pierce told me he noticed a measurable momentum in industry partnering activities over the last six months around convergence solutions. Interesting that this discussion occurred in the IBM booth, where Big Blue was demonstrating security middleware from its partner CNL (www.cnluk.com) and access control solutions from Hirsch Electronics ( www.hirschelectronics.com).

“The risks we will face in the future will be new, complicated, serious, widespread and extreme. In fact, there is an entirely new definition of risk emerging made up of the totality of threat factors, requiring new thinking about what risk is.” - Dr. James Canton, futurist and author, The Extreme Future

It is important to note that the 9/11 terrorists gave no thought at all to our military as a deterrent to their attacks. None. Our national defenses did not factor into their thinking. This point is essential to understanding the evolving state of global security responsibilities.

Simultaneously, two longer term trends were occurring, (1) networking and communication installations exploded after the tech crash (2001-2002) when fiber connections became available for pennies on the dollar, this drove global collaboration, and (2) criminal syndicates (and terrorist organizations for that matter) embraced new technologies faster than the security industry.

The same technology that provides the foundation for global commerce is being used as a means to destroy globalization. This has not escaped the attention of our nation’s intelligence chief. According to Mike McConnell, Director of National Intelligence, “The advance of globalization has enabled, amplified and accelerated threats, which move at increasing speeds due to technology and across geographic and organizational boundaries, blurring the distinction between foreign and domestic threats, and between strategic and tactical events."

These threats are increasing and expanding at breakneck speeds with the development of globalization and technology. International crime and terrorism are also converging. (For example, the train bombings in Spain were financed 100 percent by drug sales.) In his book, Illicit: How Smugglers, Traffickers and Copycats are Hijacking the Global Economy, Moises Naim writes, “Globalization has created a huge global economy that boasts a technologically leveraged global supply chain handling everything from human trafficking, illicit drugs, pirated goods, arms and money laundering.” Naim puts the value of that criminal economy between $2-3 trillion, and it is expanding at seven times the rate of legitimate trade. These numbers are truly scary and set a horrible precedence for the future. Crime is accelerating with the pace of technology while many in the security industry still think in terms of proprietary silos. The other issue is that these global- and Internet-based criminals have about as much concern that national, state or local government will stop them as the 9/11 terrorists had about the military. None.

This global threat scenario is changing the nature of corporate security. It will be global corporations and international intelligence communities (including federal agencies, fusion centers and private businesses selling data – and video – mining capabilities) that will have to step up and answer the 21st century security challenge. This will also mean the integration of true physical security organizations (Blackwater, Triple Canopy, Group4 Securicor, Securitas) with global IT integrators and state-of-the-art command and control systems. The security department will be chartered to protect physical supply chains as well as electronic data.

The security industry shakeout will involve physical security “installers” going into the residential and small business markets, which will be very lucrative. Some will provide innovations with home automation and impact the strategy of the residential monitoring market. The security integrators with IT expertise and effective partnerships will deploy leading edge technology to establish “best practices” solutions. The revenue benefit for these open system solutions that improve security policy lies in mass deployments across the supply chain, including major corporations and their suppliers.

Security will increasingly become a senior executive and board level issue. Public companies with the best security policies will see higher valuation on their stock prices. This will be similar to the premiums Wall Street applied to corporations deploying cost-effective IT systems and e-commerce applications in the late 90’s. Security executives who understand business operations will be at a premium. As we look back at IT history, the CSO will see the same growth pattern as the VP of data processing, who morphed from a tech nerd into the executive suite in the form of the CIO.

As technology becomes open and commoditized, the value-add to the organization will be in innovation. This will be evident in how security policy is managed “proactively” across a global IT infrastructure. Welcome to the future. All Security - All the Time. Vendors will be expected to step up to the challenges as well.